
February 2024

Sponsored Post

Running DAST in CI/CD for Regression Testing

In the fast-paced field of software development, ensuring applications remain functional and secure through updates is essential. Regression testing, which checks that new code doesn't harm existing features, is key. Dynamic Application Security Testing (DAST) tools play a crucial role here. They identify security flaws in active web applications. This article explores the importance of DAST tools, integration, and enhancement in regression testing.

Why MobSF Isn't Ideal for Application Security Testing

Mobile Security Framework (MobSF), launched by OWASP in 2015, is a partially automated, open-source, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic, and malware analysis. MobSF is one of the most widely used security applications; the testing framework, a simple, flexible, and incredibly powerful tool, has quickly become the lingua franca of security. The flexibility and accessibility of the tool are helpful but also dangerous.

Microsoft Azure CLI affected by CVE-2022-39327

CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.

AppSec Vulnerability Management: Uniting AppSec and CloudSec

Businesses have come a long way in their individual journeys to digital transformation, all to enhance their customer and workforce experiences. This shift elevated the importance of both Application Security (AppSec) and Cloud Security (CloudSec) in safeguarding digital assets and ensuring infrastructure resilience.

How REI built a DevSecOps culture and how Snyk helped

A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

The 2024 Open Source Security and Risk Analysis (OSSRA) Report | Synopsys

Open source is in everything, everywhere, all at once. Get an in-depth look at the current state of open source security with the ninth edition of the “Open Source Security and Risk Analysis” (OSSRA) report. Do you know what's in your code?

Demystifying Cloud Security: Dispelling Common Misconceptions for Robust Protection

Explore the truth behind cloud security myths. Learn why focusing beyond common vulnerabilities is crucial, delve into application security strategies, and discover the power of bug bounties. Shift your perspective to secure from the inside-out and fortify your multi-cloud presence.

The Cloud Threat Landscape: Security Learnings from 500 Cloud Environments

In this cutting-edge eBook, explore an extensive analysis of the cloud threat landscape, derived from over 500 diverse cloud environments in Panoptica's own unique data set. Gain unparalleled insight into the evolving cloud threat landscape while deep diving into attack path analysis and trends across cloud service providers, CVEs, and Kubernetes coverage. This eBook reveals interesting trends in the market to help inform your own organization's cloud security posture and navigate multi- and hybrid-cloud environments with increased confidence.

Cloud Unfiltered with Chris Aniszczyk - History of CNCF, Linux FDN, KubeCon & the Future - Episode 3

In this episode, Chris Aniszczyk, CTO of the Linux Foundation/CNCF, sits down with host Michael Chenetz to discuss the history of the CNCF (Cloud Native Computing Foundation) and where it is going. Additionally, Chris discusses what he expects the trends to be for the next KubeCon in Paris.

Exploring LLM Hallucinations - Insights from the Cisco Research LLM Factuality/Hallucination Summit

LLMs have many impressive business applications. But a significant challenge remains - how can we detect and mitigate LLM hallucinations? Cisco Research hosted a virtual summit to explore current research in the LLM factuality and hallucination space. The session includes presentations from University professors collaborating with the Cisco Research team, including William Wang (UCSB), Kai Shu (IIT), Danqi Chen (Princeton), and Huan Sun (Ohio State).

The Cure For Security Alert Fatigue Syndrome

Most security tools waste developers’ time. We’re on a mission to fix this. Application Developers aren't paid to care about security. Their performance is measured by the speed at which they can add value to the business through new features or enhancements. This makes traditional security tools a hindrance as they're not built for developers — plus, they're not designed to be helpful.

Navigating complexity in AppSec

Even as the speed of software development increases, security remains a paramount concern. As organizations strive to keep pace with rapid innovation, they grapple with the dual challenge of maintaining agility while ensuring the security of their software products. Enter AppSec on the Move 2024, a pivotal event that promises to shed light on strategies for improving the return on investment (ROI) of application security (AppSec).

Cloud Unfiltered with David Aronchick - AI, Kubeflow, and CoD - Episode 2

In this episode of Cloud Unfiltered, host Michael Chenetz interviews David Aronchick, co-founder of Kubeflow and leader of a new startup, Expanso. They dive into David's unique journey as a tech innovator, detailing his significant contributions to Kubernetes at Google and his ventures in the startup world. They explore the challenges of reproducibility in technology, the evolution of Kubernetes, and the future of AI and machine learning, including the significance of Kubeflow and Expanso in simplifying and advancing cloud and AI technologies.

Reporting AppSec risk up to your CISO

For security leaders, building a strong working relationship with your CISO often comes down to your ability to provide clear reports and concise risk summaries. Your reports allow CISOs to perform a vital responsibility of their role: translating highly technical security jargon into actionable recommendations that will reduce risk and improve security maturity across the organization. And in the case of a breach or zero-day event, CISOs may be the bearer of bad news.

Cloud Unfiltered with Ayse Kaya - Container Security Report - Episode 1

Join host Michael Chenetz and returning guest Ayse Kaya as they delve into the critical topic of container security. This episode covers the latest insights from the 2023 SlimAI Container Report, focusing on the challenges and advancements in this ever-evolving field.

Introducing Motific.ai. Accelerate your GenAI adoption journey.

Unlock rapid, trusted delivery of GenAI capabilities in your organization and streamline management of GenAI building blocks. Outshift is Cisco’s incubation engine, innovating what's next and new for Cisco products and sharing our expertise on emerging technologies. Discover the latest on cloud native applications, cloud application security, generative AI, quantum networking and security, future-forward tech research, our latest open source projects and more.

Splunk Enterprise affected by CVE-2023-40598

This is an overview of the CVE-2023-40598 vulnerability, which affects Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. We will explain the nature of the vulnerability, how it can be exploited, and how it can be fixed. We will also provide code examples, links to web pages with valuable information, and tips on how to prevent similar vulnerabilities in the future.

Busting the App Count Myth

Many security vendors offer automated detection of cloud applications and services, classifying them into categories and exposing attributes such as security risk, compliance, company status, etc. Users can then apply different security measures, including setting firewall, CASB and DLP policies, based on the apps' categories and attributes. It makes sense to conclude that the more apps are classified, the merrier. However, such a conclusion must be taken with a grain of salt.

Automated SCM project scanning with Black Duck SCA | Synopsys

Black Duck’s automated project onboarding meets teams where they already are and enables them to quickly onboard and scan multiple projects in a single step. This means no manual scanning needed, and no interfacing with builds or pipeline – these scans are mapped and executed entirely within Black Duck. In this video, we'll demonstrate how to.

The Beginner's Guide to Attack Paths

In the ever-evolving landscape of multi-cloud environments, the future of cloud security demands a paradigm shift. In this eBook, dive into the details of how looking at cloud environments from the perspective of an attacker, to identify and prioritize critical security risks, can improve your cloud security. The power of the attack path is not just about surfacing findings; it's about visualizing them in a way that brings clarity to complexity, empowering you to make informed decisions swiftly.

The Definitive Guide to Securing AWS S3 Buckets: Best Practices and Risks Unveiled

Unlock the secrets of Amazon S3 bucket security with our comprehensive guide. Learn about S3 basics, access control methods, and the potential risks of misconfigurations. Discover real-world examples, best practices, and how to safeguard your data from breaches and vulnerabilities.